package com.imagefake.config;


import com.imagefake.config.handler.AppAccessDeniedHandler;
import com.imagefake.config.handler.AppAuthenticationFailureHandler;
import com.imagefake.config.handler.AppAuthenticationSuccessHandler;
import com.imagefake.config.handler.AppLogoutSuccessHandler;
import com.imagefake.filter.JwtCheckFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;


@Configuration
public class WebSecurityConfig {
    @Value("${project-web.url}")
    private String webUrl;

    // 注入登陆成功的处理器
    @Autowired
    private AppAuthenticationSuccessHandler successHandler;

    // 注入登陆失败的处理器
    @Autowired
    private AppAuthenticationFailureHandler failureHandler;

    // 注入没有权限的处理器
    @Autowired
    private AppAccessDeniedHandler accessDeniedHandler;

    //  注入退出成功的处理器
    @Autowired
    private AppLogoutSuccessHandler logoutSuccessHandler;

    //  注入JwtCheckFilter过滤器
    @Autowired
    private JwtCheckFilter jwtCheckFilter;

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
//        配置四种情况的处理器
        httpSecurity
                .authorizeRequests(authorizeRequests ->
                                authorizeRequests
//                                配置跳过某些特定请求
                                        .requestMatchers(   "/register",
                                                "/doLogin",
                                                "/login",
                                                "/web/login",
                                                "/logout").permitAll()
                                        .anyRequest().authenticated()
                )
                .formLogin(formLogin ->
                                formLogin
                                        .successHandler(successHandler)
                                        .failureHandler(failureHandler)
//                                配置自定义登录方式
                                        .usernameParameter("username") //页面表单的用户名的name
                                        .passwordParameter("password")//页面表单的密码的name
                                        .loginPage("/web/login") //自己定义登陆页面的地址
                                        .loginProcessingUrl("/doLogin")//配置登陆的url
                                        .permitAll()
                )
                .logout(logout ->
                        logout
                                .logoutSuccessHandler(logoutSuccessHandler)
                )
                .exceptionHandling(exceptionHandling ->
                        exceptionHandling.accessDeniedHandler(accessDeniedHandler)
                )
                //  配置前置过滤器,并指定过滤器类型
                .addFilterBefore(jwtCheckFilter, UsernamePasswordAuthenticationFilter.class)
//                .csrf().ignoringAntMatchers(contextPath+"/doLogin",
//                        contextPath+"/login",
//                        contextPath+"/logout",
//                        contextPath+"/register",
//                        contextPath+"/web/login");
                // 禁用CSRF保护
                .csrf().disable();
        return httpSecurity.build();
    }
}


